Same Origin Policy Bypass in Microsoft XML Core Services
CVE-2015-1646

Currently unrated

Key Information:

Vendor: Microsoft
Status: Xml Core Services
Vendor: CVE Published:; 14 April 2015

What is CVE-2015-1646?

Microsoft XML Core Services 3.0 is susceptible to a vulnerability that permits remote attackers to bypass the Same Origin Policy through a specially crafted Document Type Definition (DTD). This exploitation can lead to unauthorized access to sensitive data, posing significant risks to users and organizations relying on this component. It is essential for users to apply the necessary updates and patches to safeguard their systems.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1032114

vdb-entryx_refsource_SECTRACK

EPSS Score

33% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2015
Vulnerability Reserved
Feb 17, 2015